1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Trojan Virus causing the download of other viruses

Discussion in 'Virus & Other Malware Removal' started by Colin595, Apr 15, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. Colin595

    Colin595 Thread Starter

    Joined:
    Apr 14, 2008
    Messages:
    8
    Hi there,

    I have a trojan virus on my laptop due to which I ended up downloading other viruses, one of which is the antispyware master and I can't seem to be able to get rid of it. I have Norton 360 installed on my laptop but it does not seem to recognise any of the viruses.
    I am also having problems with word now.
    Any ideas what could be done?

    Thanks a lot.
     
  2. blues_harp28

    blues_harp28 Trusted Advisor Spam Fighter

    Joined:
    Jan 9, 2005
    Messages:
    18,785
    Hi and welcome to TSG.
    Post a Hijack this log..one of the log experts will check it.

    If you have HJT already please uninstall before reinstalling new version
    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
     
  3. Colin595

    Colin595 Thread Starter

    Joined:
    Apr 14, 2008
    Messages:
    8
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:06:25, on 17/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Napster\napster.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\system32\ezShellStart.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: 375013 helper - {74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B} - C:\Windows\system32\375013\375013.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll (file missing)
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [e©ùýùàûïýóÎÇøøíøôóÊý÷ñûÍÞó] C:\Program Files\XP Antivirus\xpa.exe
    O4 - HKCU\..\Run: [SpywareRemover] C:\Program Files\SpywareRemover\SpywareRemover.exe -boot
    O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
    O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SpywareRemover Scanning Engine (SpywareRemoverSrv) - Unknown owner - C:\Program Files\SpywareRemover\SpywareRemover.srv.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11153 bytes
     
  4. Colin595

    Colin595 Thread Starter

    Joined:
    Apr 14, 2008
    Messages:
    8
    Hi there,

    Here is what I got from HIjack this. I hope it helps.

    Thanks a lot.
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download Malwarebytes Anti-Malware from Here or Here
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick Scan, then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy the entire report and paste it in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
     
  6. Colin595

    Colin595 Thread Starter

    Joined:
    Apr 14, 2008
    Messages:
    8
    Malwarebytes' Anti-Malware 1.11
    Database version: 673

    Scan type: Quick Scan
    Objects scanned: 35929
    Time elapsed: 9 minute(s), 44 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 2
    Registry Keys Infected: 42
    Registry Values Infected: 6
    Registry Data Items Infected: 0
    Folders Infected: 18
    Files Infected: 59

    Memory Processes Infected:
    C:\Program Files\SpywareRemover\SpywareRemover.srv.exe (Rogue.Spyware.Remover) -> Unloaded process successfully.

    Memory Modules Infected:
    C:\Program Files\SpywareRemover\TCL.dll (Rogue.Spyware.Remover) -> Unloaded module successfully.
    C:\Program Files\SpywareRemover\zlib.dll (Rogue.Spyware.Remover) -> Unloaded module successfully.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{74f7db6b-86e9-4b91-9d9f-b0d954d7aa5b} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74f7db6b-86e9-4b91-9d9f-b0d954d7aa5b} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bf1bf02c-5a86-4ecf-adac-472c54c4d21e} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\instie.hbinstobj (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\instie.hbinstobj.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\spywareremoversrv (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\spywareremoversrv (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spywareremoversrv (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MalwareCore 7.4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\SpywareRemover (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\VirusRanger (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\SpywareRemover (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Program Files\SpywareRemover\FilterDrv (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Program Files\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
    C:\Program Files\Registry Defender\backup (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareCore 7.4 (Rogue.MalwareCore) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareCore 7.4\Lang (Rogue.MalwareCore) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareCore 7.4\Quarantine (Rogue.MalwareCore) -> Quarantined and deleted successfully.
    C:\Windows\System32\375013 (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Settings (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwareCore 7.4 (Rogue.MalwareCore) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MalwareCore 7.4 (Rogue.MalwareCore) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\Seekmo (AdWare.Agent) -> Delete on reboot.

    Files Infected:
    C:\Program Files\SpywareRemover\DataBase.ref (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Program Files\SpywareRemover\Difxapi.dll (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Program Files\SpywareRemover\Launcher.exe (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Program Files\SpywareRemover\SpyCleaner.dll (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Program Files\SpywareRemover\SpywareRemover.exe (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Program Files\SpywareRemover\SpywareRemover.srv.exe (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Program Files\SpywareRemover\SpywareRemover.url (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Program Files\SpywareRemover\TCL.dll (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Program Files\SpywareRemover\vistaCPtasks.xml (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Program Files\SpywareRemover\zlib.dll (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Program Files\SpywareRemover\FilterDrv\SpywareRemover.amd64.sys (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Program Files\SpywareRemover\FilterDrv\SpywareRemover.cat (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Program Files\SpywareRemover\FilterDrv\SpywareRemover.inf (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Program Files\SpywareRemover\FilterDrv\SpywareRemover.x86.sys (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Program Files\Registry Defender\report.csv (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
    C:\Program Files\Registry Defender\backup\01_04_2008.reg (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareCore 7.4\MalwareCore 7.4.url (Rogue.MalwareCore) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareCore 7.4\msvcp71.dll (Rogue.MalwareCore) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareCore 7.4\msvcr71.dll (Rogue.MalwareCore) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareCore 7.4\mwdb.dat (Rogue.MalwareCore) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareCore 7.4\Lang\English.ini (Rogue.MalwareCore) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\AdwareAlert\Log\2008 Apr 14 - 05_02_44 PM_720.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\AdwareAlert\Log\2008 Apr 14 - 05_02_49 PM_381.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\AdwareAlert\Log\2008 Apr 14 - 05_11_31 PM_995.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\AdwareAlert\Log\2008 Apr 14 - 07_22_27 PM_718.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\AdwareAlert\Log\2008 Apr 15 - 07_47_29 AM_614.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\rs.dat (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 14 - 04_59_24 PM_538.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 14 - 04_59_47 PM_088.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 14 - 04_59_47 PM_459.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 14 - 05_00_06 PM_385.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 14 - 05_00_08 PM_852.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 14 - 05_07_36 PM_769.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 14 - 05_11_27 PM_564.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 14 - 07_22_27 PM_804.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 15 - 07_47_30 AM_169.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 15 - 11_27_04 AM_223.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 15 - 11_40_52 AM_513.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 17 - 07_49_24 AM_637.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 17 - 08_57_04 PM_409.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 18 - 07_58_47 AM_011.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 18 - 08_10_30 AM_983.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 21 - 07_18_03 PM_704.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 21 - 09_27_55 AM_384.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 22 - 06_44_02 PM_494.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 22 - 07_46_46 AM_790.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 22 - 08_00_52 AM_340.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Log\2008 Apr 23 - 07_57_09 AM_266.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\SpywareRemover\Settings\ScanResults.pie (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Defender\Registry Defender.lnk (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwareCore 7.4\MalwareCore 7.4 Website.lnk (Rogue.MalwareCore) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwareCore 7.4\MalwareCore 7.4.lnk (Rogue.MalwareCore) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwareCore 7.4\Uninstall MalwareCore 7.4.lnk (Rogue.MalwareCore) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\SpywareRemover Scheduled Scan.job (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MalwareCore 7.4.lnk (Rogue.MalwareCore) -> Quarantined and deleted successfully.
    C:\Users\verna\AppData\Roaming\Microsoft\Windows\Start Menu\MalwareCore 7.4.lnk (Rogue.MalwareCore) -> Quarantined and deleted successfully.
    C:\Users\verna\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
     
  7. Colin595

    Colin595 Thread Starter

    Joined:
    Apr 14, 2008
    Messages:
    8
    Thanks a lot for replying. I installed MBAM and that was what I came up with. I understand all the infections have now been quarantined and deleted or are there other things that need to be deleted? It did mention that there were some infections that could not be removed after which it recommended a restart which I accepted. I do not know if that means the other infections have been deleted as well or not.
    It would be great if you could let me know.
    Thank you very much for your help. It was much appreciated.
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please post a new hijackthis log.
     
  9. Colin595

    Colin595 Thread Starter

    Joined:
    Apr 14, 2008
    Messages:
    8
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:35:23, on 24/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Napster\napster.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [e©ùýùàûïýóÎÇøøíøôóÊý÷ñûÍÞó] C:\Program Files\XP Antivirus\xpa.exe
    O4 - HKCU\..\Run: [SpywareRemover] C:\Program Files\SpywareRemover\SpywareRemover.exe -boot
    O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{73036C0E-83D0-45F4-AD8C-6A006469A828}: NameServer = 213.130.128.32 213.130.128.33
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10365 bytes
     
  10. Colin595

    Colin595 Thread Starter

    Joined:
    Apr 14, 2008
    Messages:
    8
    Here is the Hijack this log file.
    Please advise.

    Thanks a lot
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Looks good (y)

    Run HJT again, Run as Administrator, and put a check in the following:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Close all applications and browser windows before you click "fix checked".
     
  12. Colin595

    Colin595 Thread Starter

    Joined:
    Apr 14, 2008
    Messages:
    8
    Hello there,

    Thank you very much for your help. It was much appreciated. I guess that the problem is fixed isn't it?
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    [​IMG] Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

    Upgrading Java:

    • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
    • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 6. The Java SE Runtime Environment (JRE) allows end-users to run Java applications (the fifth one in the list)..
    • Click the "Download" button to the right. A new page will open.
    • Select your platform and check the box that says: I agree to the Java SE Runtime Environment 6 License Agreement.
    • Click Continue.
    • Click on the link under Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
    • Go to Start - Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Close any programs you may have running - especially your web browser.
    • Then from your desktop double-click on the download to install the newest version.


    Here are some additional links for you to check out to help you with your computer security.

    How did I get infected in the first place.

    Good free tools and advice on how to tighten your security settings.

    Security Help Tools



    You're welcome!
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/703914

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice